What's the deal with Modern apps and DNS Client Service?

ryan29

I'm more curious about this than anything because I just wasted an hour to figure it out. If I disable the DNS Client Service on Windows 8.1 it seems to break a lot of Modern apps. If it's set to start manually, some Modern apps trigger it to start.

Do Modern apps make queries directly to the DNS Client Service or something weird?
 
Yeah, I came across this just now, and was diagnosing the firewall and know the exact cause.

So when the DNS Client is enabled, all DNS requests are routed via it, meaning applications do not need specific UDP port 53 internet access.
If the DNS Client is disabled, any internet application that wants to do a DNS lookup will need outbound UDP port 53 traffic allowed.

Now there is some undocumented behaviour going on.

There are hidden WSH Network hardened rules in the Windows Firewall, and these rules are "always" enabled, regardless of the default outbound state in the Windows Firewall. (Allow rules also won't allow the traffic.)
So the default Windows Firewall configuration is to require allow rules for inbound traffic and allow all outbound traffic.
However, there are hidden rules that block certain traffic Microsoft decided to block, and it seems wermgr.exe, which is used by Metro apps, cannot send out DNS traffic; the hardened rules block it.

My gut guess is this is a bug that is yet to be fixed, because the vast majority of people (well over 99%) will have the DNS Client service enabled in its default state.

Interestingly, the hidden rules still kick in if you disable the firewall in the advanced UI. The only way to stop the rules is to actually disable the firewall service, which is obviously not recommended, meaning the sane choice is either to keep the DNS Client enabled, don't use Modern apps, or use a 3rd-party software firewall in place of the Windows Firewall.
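
A way to inspect the pieces described in the post above, as an added example that is not part of the original thread. It assumes Windows 8 / Server 2012 or later (the NetSecurity module) and an elevated PowerShell session; `StaticServiceStore` is the read-only policy store that holds the service-hardening restrictions shipped with Windows.

```powershell
# Added example, not from the thread. Read-only: nothing here changes firewall state.

# 1. Is the DNS Client service (service name: Dnscache) running, and how does it start?
Get-CimInstance -ClassName Win32_Service -Filter "Name='Dnscache'" |
    Select-Object Name, State, StartMode

# 2. Default inbound/outbound action per firewall profile.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 3. Service-hardening rules shipped with Windows, read from their own policy store.
$hardening = Get-NetFirewallRule -PolicyStore StaticServiceStore

# 4. Keep only the rules that mention port 53, and show which service or
#    program each one is scoped to and whether it allows or blocks.
$dnsRules = foreach ($rule in $hardening) {
    $port  = $rule | Get-NetFirewallPortFilter
    $ports = @($port.RemotePort) + @($port.LocalPort)
    if ($ports -contains '53') {
        $svc = $rule | Get-NetFirewallServiceFilter
        $app = $rule | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Rule       = $rule.DisplayName
            Direction  = $rule.Direction
            Action     = $rule.Action
            Protocol   = $port.Protocol
            RemotePort = $port.RemotePort -join ','
            Service    = $svc.Service
            Program    = $app.Program
        }
    }
}

$dnsRules | Sort-Object Service, Direction | Format-Table -AutoSize -Wrap
```

Comparing the `Service` and `Program` columns against the process that is failing to resolve names shows whether one of these rules, rather than a rule in the normal local store, applies to it.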
 
You really should be concerned with this, hehe.

This was an article about how hackers are using the default "hidden" connections that are deemed "safe", like these networks that check certificates and everything!

And one thing you will not find is what these hidden little holes in your firewall send. Go ahead and google the entire world, and you won't find a single thing on these kinds of things, like Akamai etc.
